Daryl Cornelius, Director, Spirent Communications, suggests that recent advances in fuzzing testing and Big Data analytics could help restore public confidence in financial systems
It wasn’t so long ago that the PIN and personal password were your guarantee for secure Internet banking. Then along came digital signatures and personalized images or phrases to ensure that the website is genuine; the addition of single use Transaction Authentication Numbers (TAN); and two-factor authentication, where the TAN is generated by an individual security token or independently transmitted by e-mail or SMS; chip TAN generators added transaction data to outwit man-in-the-middle attacks; and now there are calls for a further layer of biometric identification for added security.
Does all this mean that, year on year, the public is growing ever more confident of the safety and security of Internet banking? Probably not – any more than a house surrounded by a high wall with razor wire, electric fencing, motion detectors, security cameras and armed response warnings makes you feel confident that this must be a safe neighborhood to live in.
Adding many layers of security is the obvious bit – the criminal may have discovered my PIN code and got a bank statement from the refuse bin, but still not be sure about my birth date and mother’s maiden name.
When there is a certain amount of human interaction, as in telephone banking, you can even allow a bit of leeway on getting these answers exactly right. Sometimes the call center asks for more details than I can provide: I have remembered to take my debit card and PIN, reminded myself of all my security answers – and then they ask for the amount of a monthly standing order and I simply cannot remember. But does that mean they will slam the phone down on me? No, they go on asking other questions and see how I manage. Even though I failed one security test, I get another chance because a human operator has time and social skills to judge how I react to being told I have failed a test, how I explain or justify my failure, and how I respond to further questioning. A human operator has a human brain that can make very many more subtle decisions based on further layers of information. It can also be wrong.
If, however, the whole transaction takes place via a keypad, there is vastly less corroborating data and greater reliance on mechanical answers. If the PIN or keyword is wrong, it is wrong, and it would be unwise to allow too many further attempts – because we might be under attack from a system that was using an algorithm to generate a series of likely PIN numbers.
But what if the keypad entry system was so sophisticated that it could, like the call center staff, make judgments about such mistakes – whether, for example, the entry process was a mechanized attack, or behaving like an absent-minded but genuine customer, or like a hacker trying out a series of likely guesses? Google searches, for example, are pretty good at guessing what was really meant when terms are misspelled – they don’t just shut down on you. Similar intelligence might help make decisions on whether a mistaken password was a slip or fraud and, like a human operator, it might actually identify, raise an alarm and help nail the attacker instead of simply blocking them to try again later.
We’re talking futures here – artificial intelligence may be sufficiently advanced to provide some interesting screening attempts, but not yet enough to be trusted with anything as sensitive and precious as real-world customers who are paying for the bank’s services.
There are, however, recent developments that could bring that future closer.
A fuzzy approach
So what can be done right now to increase trust in banking systems?
Today’s most advanced automated security tests throw every known attack at the system under every likely operating condition and – being cloud based – the tests are kept up-to-date with new attacks as soon as they are recognized. This is a powerful solution for reassuring the bank’s management that their systems are indeed secure and trustworthy, but it is hard to explain this to the customer in a way that builds their trust. They might even wonder why – if the system was properly designed in the first place – does it now need so much additional testing?
The human factor in telephone banking raises the question whether better trust might be built around a more organic test approach – one that builds up layers of testing that are not so rigidly defined. You could describe these test criteria as being “fuzzy”, meaning that the correct responses are not so sharply delineated around the edges. The point is that today’s sophisticated test procedures do include a form of “fuzzing testing” as a way of addressing unknown security threats.
Fuzzing testing bombs the system – anywhere where applications and devices receive inputs – with semi-random data instead of known attack profiles. This is one way to find if any irregular input can crash or hang an application, bring down a website or put a device in a compromised state – the sort of thing that might happen when someone inputs a letter ‘O’ when it should have been zero, or accidentally hits an adjacent key.
Another goal of fuzzing testing is to anticipate “zero-day” attacks – i.e. those that hit you before they hit the news. Hackers assume that you have thoroughly tested your system with traditional functional testing, but there are so many permutations of invalid random input that many will not have been tested. As David Newman, President of benchmarking consultancy Network Test, explains: “Attackers have long exploited the fact that even subtle variations in protocols can cause compromise or failure of networked devices. Fuzzing technology helps level the playing field, giving implementers a chance to subject their systems to millions of variations in traffic patterns before the bad guys get a chance to.”
All it might take is one random string of input to cause a crash or hang, and so hackers use automated software to keep throwing random input at your network in the chance of striking lucky. “It takes a thief to catch a thief”, so fuzzing testing does the same thing, but under controlled conditions. Again, such fuzzing testing relies heavily on automation to get sufficient test coverage. Today’s fuzzing test tools generate millions of permutations – not only making the network much more secure, but also saving manual work and keeping the testing fast and efficient.
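An added example, not from the original article: a minimal mutation fuzzer in Python that applies the slips described above (letter 'O' for zero, an adjacent key) plus other semi-random edits to valid inputs, and records every kind of uncaught exception a handler raises. The two amount parsers, the seed values and the keypad adjacency map are constructed for illustration.

```python
import random

# Numeric keypad neighbours, used to model "accidentally hits an adjacent key".
ADJACENT = {"1": "24", "2": "135", "3": "26", "4": "157", "5": "2468",
            "6": "359", "7": "48", "8": "5790", "9": "68", "0": "8"}

# Constructed seed inputs: well-formed amounts a customer might key in.
SEEDS = ["120.50", "5.00", "10000.99"]


def fragile_parse_amount(text):
    """Constructed target: converts '120.50' to pence, assuming well-formed input."""
    pounds, pence = text.split(".")  # ValueError unless there is exactly one '.'
    return int(pounds) * 100 + int(pence[0]) * 10 + int(pence[1])


def hardened_parse_amount(text):
    """Same job, but malformed input is rejected with None instead of raising."""
    pounds, sep, pence = text.partition(".")
    if not sep or len(pence) != 2 or not 1 <= len(pounds) <= 7:
        return None
    # isascii() matters: str.isdigit() accepts characters such as '²' that int() rejects.
    if not all(part.isascii() and part.isdigit() for part in (pounds, pence)):
        return None
    return int(pounds) * 100 + int(pence)


def mutate(seed, rng):
    """Apply one semi-random mutation to a non-empty string."""
    chars = list(seed)
    pos = rng.randrange(len(chars))
    kind = rng.choice(["o_for_zero", "adjacent", "delete",
                       "duplicate", "random_char", "truncate"])
    if kind == "o_for_zero":
        chars = ["O" if c == "0" else c for c in chars]
    elif kind == "adjacent" and chars[pos] in ADJACENT:
        chars[pos] = rng.choice(ADJACENT[chars[pos]])
    elif kind == "delete":
        del chars[pos]
    elif kind == "duplicate":
        chars.insert(pos, chars[pos])
    elif kind == "random_char":
        chars[pos] = chr(rng.randrange(0x20, 0x2FF))
    elif kind == "truncate":
        chars = chars[:pos]
    return "".join(chars)


def fuzz(target, seeds=SEEDS, iterations=5000, rng_seed=1):
    """Feed mutated seeds to target; keep one sample input per exception type."""
    rng = random.Random(rng_seed)  # fixed seed so any finding can be reproduced
    crashes = {}
    for _ in range(iterations):
        data = mutate(rng.choice(seeds), rng)
        # Stack a second mutation half the time to reach stranger inputs.
        if data and rng.random() < 0.5:
            data = mutate(data, rng)
        try:
            target(data)
        except Exception as exc:  # an uncaught exception stands in for a crash
            crashes.setdefault(type(exc).__name__, data)
    return crashes


if __name__ == "__main__":
    for handler in (fragile_parse_amount, hardened_parse_amount):
        found = fuzz(handler)
        print(handler.__name__, "->", found or "no crashes")
```

Each recorded sample is a reproducible test case: once the handler is fixed, the same input can be kept as a regression test.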
The immediate benefit of fuzzing testing is that it increases the bank’s trust in its own system security. But does that help the customer to build trust?
I suggest that it does, for the following reasons. One of the things that supports trust in Google is the way it handles silly mistakes: if a user misspells a search term, Google comes up with intelligent suggestions, and that gives the feel of a well-designed system. By analogy, if a customer makes a small slip when logging in to the bank, and the system responds stupidly or even crashes, it suggests that the system is fragile, and that does not build customer confidence.
So the greater resilience to error resulting from repeated fuzzing testing does make the system seem less fragile – and that is the first step in building confidence.
What lies ahead?
Today’s functional test systems can do a lot to reassure the network managers that their systems are defended as well as possible against attacks and faults, but then the task is to pass on that confidence to the customer without over-explaining and sounding “defensive” in the negative sense.
Fuzzing tests go further along the same lines by adding confidence against unknown and unexpected threats, but I suggest that their application could also make the system begin to feel more solid and trustworthy to the customer.
Can we go further? Can we build into a mechanized entry system the equivalent of human intelligence that can assess the personality of the applicant and make good decisions about the credibility of their responses, and what further questions to ask? Instead of just dumbly closing down, can the system flag a danger signal and then escalate authentication with further security checks? To the customer, such an intelligent response would suggest that the system really is alert to danger and “knows what it is doing” – as scary, and yet as comforting, as a community police officer with good local knowledge and experience.
We still have a long way to go before computers can match those skills, but recent advances in real time Big Data analysis could help clarify understanding of human behavior patterns, and suggest more subtle tests to identify fraudulent behavior. Couple that with fuzzing techniques that extend response testing to embrace the infinite variety of possible near misses, and this could point the way ahead.
Because the real challenge is two-fold: both to make the system resilient to attack and, at the same time, to build the customers’ trust that it truly is resilient.
How open banking can drive innovation and growth in a post-COVID world
By Billel Ridelle, CEO at Sweep
Times are pretty tough for businesses right now. For SMEs in particular, a global financial and health crisis of the sort we’re currently witnessing represents a truly existential risk. Yet there is hope of a brighter future. Digital transformation is already helping organisations in countless sectors, with everything from building supply chain resilience to rolling out potentially life-saving contact-tracing schemes. Yet it’s not just delivering transformative benefits in grand projects like this.
Thanks to open banking rules, a new wave of fintech innovation is sweeping the globe, offering business leaders a new launchpad for success. Even something as simple as corporate expenses can be transformed by the power of open data — to help firms cut costs, reduce fraud risk and become more productive.
Opening up data to innovation
It’s easy to get bogged down in the technical details of open banking, and the slew of new acronyms it has ushered in: Third Party Providers (TPPs), Account Information Service Providers (AISPs), Payment Initiation Service Providers (PISPs), and Application Programming Interfaces (APIs). Yet at the heart of the open banking revolution is a simple concept: the idea that forcing banks to open up their customers’ financial data will create more competition, and fresh opportunities for market entrants to create innovative new services.
This was at the heart of the UK government’s world-leading strategy when it was introduced back in 2016. A revised EU payment services directive (PSD2) gave it legal teeth, mandating that all payment account providers in the region provide third-party access for customers that want it. The push is also about reducing banking fees and enhancing financial inclusion, of course, but it’s in competition and innovation that the benefits really shine for businesses.
Access to real-time financial data via open APIs has already resulted in a range of new services which are helping businesses ride out the current economic storm. Whether it’s capabilities that can help freelancers prove loss of income to receive targeted loans, or services designed to streamline business processes to reduce costs and fraud — examples of innovation are endless.
What’s more, it’s already global. Aside from the PSD2, open banking rules are taking shape in Australia, New Zealand, Japan, Singapore, Hong Kong, Mexico and elsewhere. According to frequently cited Gartner predictions, regulators in around half of the G20 countries will create an open banking API regime over the coming year.
In the UK alone this is set to create a £7.2 billion revenue opportunity by 2022, with 71% of SMBs and 64% of adults expected to adopt it by then, according to PwC.
Making expenses pay
Corporate expenses and travel management might not be an area one immediately associates with high levels of innovation. But here too, open banking is having a profound impact. By combining automation, in-app approvals, integration with corporate policy and secure open banking APIs, companies like Sweep are offering new ways to solve old problems.
Part of the legacy challenge relates to productivity. Managing corporate travel costs and expenses was cited last year as the biggest concern of the UK’s small and mid-sized firms. Separate research claimed that SMBs are estimated to lose over £8.7 billion annually due to the time it takes employees and managers to complete these menial tasks. By automatically integrating real-time corporate bank account information into an easy-to-use app, we can save up to 15 hours a month on data input and travel administration per employee. That’s all time they could be spending on growing the business.
Another key area of concern is fraud. According to some estimates, fraudulent expenses claims could be costing UK firms £1.9 billion each year. In the US, the figure could be approaching $3 billion annually. Whether it’s the result of submitting expense claims for personal purchases, claiming for additional mileage on work trips, or over-claiming for other items, it all adds up. What’s more, fraud tends to spike particularly during times of recession, when normally diligent employees look for ways to supplement their income.
In this use case too, there are benefits to be had from open banking-powered solutions. Traditional manual processes offer too many gaps that can be exploited by fraudsters. Submitting paper receipts to finance departments — which must then input the information into spreadsheets or accounting software — is slow, error-prone and lacks accountability. However, with modern digital systems, transactions are automatically fed through from bank account to expense management platform. Here they are seamlessly checked according to policy and automatically approved, rejected or flagged for further investigation.
The future’s open
Thanks to the power of open banking, innovative fintech use cases like this are transforming operational challenges into opportunities to cut costs and fraud risks, improve employee productivity and become more strategic. With real-time data fed through from corporate bank accounts, finance directors can better understand spending patterns, react with greater agility and gain the insight they need to run their businesses more efficiently.
So what of the future? The good news is that open banking is only just getting started. As more sophisticated machine learning algorithms are developed, it has the potential for even greater disruption by empowering SMEs with predictive analytics and forecasting tools, or more accurate fraud checks, for example. Those in Europe may benefit most as PSD2 allows businesses to use tools that work seamlessly and securely across markets, without requiring any duplication of work.
In fact, open banking is not just good for individual SMEs, it’s important for Europe as a whole if we are ever to nurture successful digital unicorns to compete with those coming out of the US and China.
Open banking has been described in the past as a quiet revolution. With the right buy-in from business and the continued innovation of digital platforms, it may soon become a full-throated roar.
Banks take note: Customers want to pay with points
By Len Covello, Chief Technology Officer of Engage People
‘Pay with Points’ – that is, integrating the ability to pay with loyalty reward points directly into the online check-out process – is a trend that is growing exponentially with big-name brands like Amazon, PayPal and American Express leading the way.
The past few months have posed an unprecedented challenge in the loyalty space, especially with the pandemic’s impact on travel. The unforeseen impacts across the board have caused institutions with premier incentive credit cards to feel increased pressure to retain their loyalty members. As such, exploring innovative ways to create a personalized loyalty experience for customers is at the forefront now more than ever.
Offering the flexibility to pay with points is certainly one option that can help transform financial institutions’ (FIs) loyalty programs. With the evolution of consumer preferences – like relying on other forms of payment outside of credit and the move towards contactless payments – viewing points as currency naturally ties into the “new ways” in which American consumers bank, pay and shop.
Personalization is a win-win for banks and loyalty program members
As the world continues to evolve in light of the pandemic, consumer habits like mobile banking and shopping online for groceries are likely to carry over long-term. As a result, consumers will expect their loyalty programs to provide new incentives to fit their ever-changing needs. By offering loyalty program members the ability to pay with points for the items they want or need during the online check-out process, FIs are creating a more personalized shopping experience. This can help increase member retention, especially compared to dated loyalty programs that offer limited options for point redemption.
As we’ve learned with iPhones, tap to pay and other technologies that reduce friction, once consumers begin using a new and convenient digital service, there’s little desire to go back to the old way of doing things. By incorporating pay with points into loyalty programs sooner rather than later, FIs will be setting themselves apart in terms of meeting their members’ needs with modern payment offerings.
Outside of providing a personalized experience to loyalty program members, pay with points as a program perk also has specific benefits when it comes to a bank’s bottom line. Currently, there are billions of dollars in liabilities in the form of unused points sitting on banks’ balance sheets. This is in part due to loyalty program members’ inability to spend their points how they want. By allowing a more personal and flexible way to spend points, banks can reduce those liabilities while creating a more engaging experience for their members.
Meeting consumer demand is easier than you think
Incorporating the infrastructure to power new digital capabilities is more often than not a cause for concern: how expensive will it be? What does down time look like? How long will it take to get up and running?
Luckily for banks, the process is actually quite simple – and inexpensive. With a lightweight integration of a few APIs, banks can tap into a pool of retailers to make their merchandise available for purchase with points by loyalty program members in no time. And as the retail network expands, there’s no need for additional IT work to add new brands into the fold. Ultimately, API integrations upfront create a frictionless and scalable solution for FIs and a preferred shopping experience for members. And based on market feedback, the personalized experience that results from giving customers the option to spend points as easily as they would cash or card, far exceeds any initial inconveniences that may arise.
According to our recent Customer Loyalty Survey, 75% of customers are more likely to spend loyalty reward points to make a purchase over other payment methods. The findings also indicated that 72% of customers are actively engaged in loyalty programs because of the available redemption options.
Long-term loyalty is not just about acquisition or promotional material, but rather the experience of redemption and viewing loyalty points through a fresh lens. Customers today are well-versed in what’s available to them online. The more redemption options offered to the consumer, the more appealing the FI becomes.
Loyalty point redemption in action
In April of 2020, when the world was mostly in lockdown, we looked at how a select group of approximately 3,000 consumers spent their loyalty reward points, comparing April 2020 to April 2019. Key findings suggest that, if given the opportunity, consumers will spend their loyalty points to buy what they want or need based on their specific circumstances. For example:
- Significant increases in the purchase of outdoor items like BBQs and smokers (+3401%), fire pits and heaters (+2644%) and pool and patio accessories (+1297%) suggested people were making the most of the spaces around them.
- Consumers were focusing on their personal health and well-being with the increase in points spent on fitness accessories (+1664%), bike accessories (+1453%) and fitness trackers (+536%).
- Finally, the increase in purchases of hand-held power tools (+3076%), smart control lighting (+1750%), stick vacuums (+1096%) and specialty small appliances (+531%) suggests consumers took advantage of the opportunity to check projects off their at-home to-do lists.
We’re keeping a close eye on how loyalty point purchases evolve as more retailers and FIs get on board with viewing points as a true form of currency, especially in a post-pandemic world. Which items will rise to the top in the coming months and years as the payments ecosystem evolves? Will flight purchases or experience-based purchases regain popularity?
What’s next in the loyalty payments space?
As consumers continue to look for alternative payment methods, offering the flexibility to pay with points is the perfect opportunity for FIs looking to reinvent their loyalty programs. Engage People has always viewed loyalty points as a fiat currency, creating innovative technology that allows for easy integration that satisfies loyalty program members’ needs.
In the future, there’s a real opportunity to incorporate loyalty reward points into everyday life – extending beyond the online shopping experience. Imagine a world where you can pay for coffee, your bills, monthly subscription services like Netflix or make charitable donations with loyalty points just as you would with a credit card or cash. The future involves a mindset shift by consumers, financial institutions and the entire payments ecosystem, and that shift is viewing loyalty points as a true form of currency. Like reaching for cash, a debit or credit card, loyalty points can easily become a payment option of choice for consumers. FIs that are at the forefront of this trend now have the most to gain long term.
The Importance of Liquidity Solutions
By Justin Silsbury, Lead – Product Manager at Infosys Finacle
Economic uncertainty and business complexity have made a deep impact on corporate treasury management in recent years. With regulations getting tougher, funding becoming elusive, and profits shrinking fast, the way liquidity is managed is making a real difference to companies’ survival. As corporate treasurers around the world struggle with the challenges of liquidity management, they are turning to their banks for support; it is imperative that the industry respond with digital solutions that enable clients to manage money efficiently at low cost.
Why corporates need liquidity solutions
Corporate banking customers need a liquidity structure that maximises security, liquidity and yield. Even today, treasurers in multinational corporations lack visibility into their companies’ overall cash position across countries and currencies. Delivering returns on excess cash, although important, is not a priority for them, but making sure the money is safe and available when needed, is. Therefore, a liquidity solution should be able to consolidate a company’s cash position across all its accounts around the world, provide a unified view in real-time, as well as offer timely suggestions on maximising utilisation and yield. It should automate all these functions as far as possible to reduce both manual overheads and the risk of moving money manually on a daily basis.
Broadly, liquidity solutions are of three types – cash concentration solutions that automatically move money around the world; interest optimization solutions that reward customers based on their aggregated balances without the need to move any money; and investment sweeps that move all the consolidated funds to a money market fund or other short-term investment to earn extra returns.
And why banks should provide them
There are several reasons why banks should invest in a sound liquidity solution. The most important one is that without it, a bank can never become a customer’s principal financial institution. A large corporation will have many banking providers, each one trying to increase share of wallet; in this situation, a high involvement product such as a liquidity solution is particularly effective for building stickiness and strengthening a bank’s position vis-à-vis others. An illustration may be useful here: say a food retail chain banks with Santander in the U.K., and other banks across Europe. If the retailer chooses to consolidate its cash daily into its U.K. account using Santander’s liquidity management solution, where the excess cash can then be swept into an investment vehicle overnight, over time, Santander can cross-sell other products to the client to increase revenue and stickiness.
Technology does it
Corporate banking has historically lagged retail banking in technology adoption. It is high time that banks remedied this by digitizing their corporate solutions. Specifically, they can leverage a variety of digital technologies to provide clients instant access to liquidity, global visibility into the overall cash position, and efficient working capital management. With robotic process automation and machine learning, they can simplify and automate processes to cut cost and lead-time. Blockchain enables banks to offer fast, secure, cross-border transactions, while open APIs ease collaboration and co-innovation with Fintechs, customers and developers.
Banks need to deliver frictionless, personalized, “retail banking-like” experiences over customer-centric corporate banking channels. Instead of channel silos – one for liquidity, another for payments and so on – customers will see data from all their accounts in one place, from where they can manage liquidity, forecast cash flows, secure trade finance etc. On their part, banks can use 360-degree customer insight to issue not just timely alerts but also contextual recommendations. For instance, being able to alert a customer that a large payment is due the following week, but also suggesting the best options for arranging those funds.
Apart from improving the customer journey, a real move in corporate banking is towards cloud adoption. Many banks have started the cloud journey, but many still have some distance to cover before they are fully cloud-enabled; mainly, they are migrating monolithic, on-premise workloads to the cloud. Early adopters, such as JP Morgan Chase, HSBC and Citibank, are setting the pace by developing their own capabilities as well as procuring certain components from Fintech partners to plug into their overall solution.
One size doesn’t fit all
In the past, corporate banking solutions were largely meant for big companies, but today they are relevant to enterprises of all sizes. Internet and mobile have enabled even small local firms to scale far and wide, creating a need for solutions to manage their money across borders. Therefore, banks need to make sure their liquidity solution can accommodate the different needs of different clients. Only a flexible, componentised solution can do that.